Privacy Policy
1 Who We Are & How to Contact Us
This Privacy Policy is published by Coffee & Blenders SA (“we”, “us”, “our”), operator of coffeeandblenders.co.za โ a South African online retailer of Italian espresso machines, coffee grinders and Thermomixยฎ appliances.
Under the Protection of Personal Information Act 4 of 2013 (POPIA), Coffee & Blenders SA is the Responsible Party that determines the purpose of and means for processing your personal information.
Information Officer & Contact Details
2 What Personal Information We Collect
Under Section 18 of POPIA we must inform you of the personal information we collect. We only collect information that is adequate, relevant and not excessive for the stated purposes.
Information you give us directly
| Category | Information | When Collected |
|---|---|---|
| Identity | Full name, title | Account, checkout, contact form |
| Contact | Email address, phone number, physical address, province | Account creation, checkout, enquiries |
| Delivery | Delivery address, recipient name, instructions | Order placement |
| Transaction | Order history, products purchased, amounts, invoice details | Each purchase |
| Payment method | Payment type only โ full card numbers processed by SSL-secured payment gateway, not by us | Checkout |
| Communication | Enquiry content, support requests, returns correspondence | Contact form, email |
| Marketing preferences | Consent status, opt-out history | Account setup, checkout, email sign-up |
Information collected automatically
| Category | Information | Method |
|---|---|---|
| Technical | IP address, browser type, device type, operating system | Server logs, cookies |
| Usage | Pages visited, products viewed, time on site, click behaviour | Cookies, Google Analytics |
| Location | General geographic location derived from IP (province-level only) | Google Analytics |
| Session | Cart contents, session ID, referring website | WooCommerce session cookies |
3 How We Use Your Personal Information
We process your personal information only for specific, explicitly defined and lawful purposes. The legal bases available under Section 11 of POPIA are: consent (s.11(1)(a)), performance of a contract (s.11(1)(b)), legal obligation (s.11(1)(c)), protection of legitimate interests (s.11(1)(f)), and the operator relationship (s.11(1)(g)).
| Purpose | Legal Basis (POPIA s.11) | Data Used |
|---|---|---|
| Processing and fulfilling your order | Contract (s.11(1)(b)) | Identity, contact, delivery, payment, transaction |
| Order confirmations & delivery updates | Contract (s.11(1)(b)) | Email, order details |
| Returns, refunds & warranty processing | Contract / Legal obligation (s.11(1)(b)(c)) | Identity, contact, transaction, payment |
| Customer service & support | Legitimate interest / Contract (s.11(1)(b)(f)) | Identity, contact, communication |
| Marketing emails (with consent or existing customer) | Consent (s.11(1)(a)) / Section 69 existing customer | Email, preferences, purchase history |
| Website analytics & improvement | Legitimate interest (s.11(1)(f)) | Technical, usage data (anonymised) |
| Fraud prevention & security | Legitimate interest / Legal obligation (s.11(1)(c)(f)) | Identity, technical, transaction |
| Legal compliance & record-keeping | Legal obligation (s.11(1)(c)) | Identity, contact, transaction |
4 Who We Share Your Information With
We share personal information with third parties only where strictly necessary to operate our business and fulfil our obligations to you. We do not sell, rent or trade personal information. All third parties are contractually required to handle your information in accordance with POPIA.
| Third Party | Purpose | Information Shared |
|---|---|---|
| Courier partners (e.g. Aramex, Courier Guy) | Delivering your order nationwide | Name, delivery address, phone, order reference |
| SSL-secured payment gateway | Processing your payment securely | Payment data processed directly by gateway โ we do not receive or store full card numbers |
| WooCommerce / WordPress hosting | Website and e-commerce platform | Account data, orders, technical data |
| Google LLC (Analytics, Ads, Merchant Center) | Analytics, Shopping listings, advertising | Anonymised usage data, cookie IDs โ no name or email shared with Google for analytics purposes |
| Email service provider | Transactional and marketing emails | Email address, name, order details |
| Manufacturer warranty partners (Vorwerk, Gaggia, Lelit, Wega, Eureka, Macap, Presso, Rocket, Nurri) | Warranty and after-sales claims you initiate | Name, contact, product serial number, proof of purchase |
| Accounting software | Financial records and tax compliance | Invoice and transaction data |
| SARS | Statutory tax obligations | Business transaction records as legally required |
| Law enforcement / courts | Legal obligation, fraud prevention, dispute resolution | Only as required by valid legal process or court order |
International data transfers
Some service providers are based outside South Africa โ including Google LLC (United States). When we transfer personal information internationally, we ensure adequate safeguards are in place as required by Section 72 of POPIA, including standard contractual obligations requiring recipients to uphold POPIA principles and maintain protection standards substantially similar to South African law.
5 Cookies & Tracking Technologies
Our website uses cookies โ small text files stored on your device โ to provide a functional shopping experience, analyse site usage, and (with your consent) personalise content and advertising. In line with POPIA and Google Merchant Center requirements, we obtain your consent before placing non-essential cookies.
Cookies we use
Managing your cookie consent
- Use the cookie consent banner on your first visit to set or update your preferences
- Clear cookies from your browser settings at any time to reset consent
- Opt out of Google Analytics: tools.google.com/dlpage/gaoptout
- Manage Google ad personalisation: adssettings.google.com
- Withdrawing non-essential cookie consent will not affect your ability to shop on our site
6 Your Rights as a Data Subject
Under POPIA Chapter 2, Section 5, you have the following rights regarding your personal information. Exercise any right by emailing sales@coffeeandblenders.co.za with “POPIA Request โ [Right Type]” in the subject line. We will respond within 30 days of receiving a complete, valid request and may require proof of identity.
7 How Long We Keep Your Information
We retain personal information only as long as necessary to fulfil the purposes for which it was collected, or as required by South African law. Personal information that is no longer needed is securely deleted, anonymised or de-identified.
| Data Category | Retention Period | Reason |
|---|---|---|
| Order and transaction records | 5 years from transaction date | SARS tax and VAT obligations, CPA warranty records |
| Customer account information | Duration of account + 3 years after closure | Legitimate business interest, legal compliance |
| Warranty and returns records | 2 years from date of purchase | Manufacturer warranty coverage period |
| Marketing consent records | Until consent withdrawal + 3 years | POPIA Section 69 โ proof of lawful basis |
| Support and correspondence | 3 years from last correspondence | Dispute resolution and legal defence |
| Google Analytics data | 26 months (Google’s standard) | Website improvement and performance analysis |
| Security and fraud logs | 12 months | Fraud detection and incident response |
8 How We Protect Your Information
We implement appropriate technical and organisational security measures as required by Section 19 of POPIA and Google Merchant Center guidelines to protect your personal information against unauthorised access, accidental loss, destruction, alteration or disclosure.
- SSL/TLS encryption: All data between your browser and coffeeandblenders.co.za is encrypted via HTTPS โ as required by Google Merchant Center for collecting personal and payment information
- Payment security: We do not store full credit or debit card numbers. Payment data is processed exclusively by our SSL-secured, PCI-DSS compliant payment gateway
- Access controls: Access to personal information is restricted to authorised personnel who need it to perform their job functions
- Platform security: Our WooCommerce and WordPress platform is maintained with current security patches and updates
- Data minimisation: We collect only information necessary for the stated purpose, in line with POPIA’s minimality principle (Section 10)
Data breach notification
In the event of a security compromise involving your personal information that is likely to result in serious harm, we will notify you and the South African Information Regulator as soon as reasonably possible โ as required by Section 22 of POPIA and the April 2025 amended POPIA Regulations. Our notification will describe the nature of the breach, the information involved, and the remedial steps taken.
9 Direct Marketing & Email Communications
We may send you marketing communications in the following circumstances, in line with Section 69 of POPIA and the Information Regulator’s 2024/2025 Guidance Note on Direct Marketing:
When we may contact you
- Existing customers: We may email you about similar products to those you have previously purchased using your checkout email address โ unless you have opted out
- With your consent: If you have expressly opted in during account creation, checkout or via an email sign-up form
- Transactional emails: Order confirmations, dispatch notifications and returns updates are always sent regardless of your marketing preference โ these form part of your purchase contract
How to opt out at any time
- Click the “Unsubscribe” link in the footer of any marketing email โ removed within 10 business days
- Email sales@coffeeandblenders.co.za with “Unsubscribe” in the subject line
- Opting out of marketing does not affect transactional emails about your orders
10 Third-Party Links & Google Shopping
Our website may contain links to third-party websites including manufacturer sites, review platforms and social media. We are not responsible for the privacy practices of these external sites โ please review their privacy policies before providing personal information.
Google Shopping & Google Merchant Center
Our products are listed on Google Shopping via Google Merchant Center. When you click a Google Shopping listing and visit our site, Google may have already collected information about your search behaviour. That collection is governed by Google’s Privacy Policy. On our website, we collect your information as described in Sections 2 and 5 of this policy.
11 Complaints & the South African Information Regulator
If you are concerned about how we handle your personal information, please contact us first at sales@coffeeandblenders.co.za. We will investigate and respond within 30 days.
If you are not satisfied with our response, or believe we have violated your POPIA rights, you have the right to lodge a formal complaint with the South African Information Regulator:
Information Regulator โ South Africa
12 Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in South African law (including POPIA amendments), Google Merchant Center requirements, or our data processing practices. The revised policy will be published on this page with an updated effective date.
Where a material change affects how we use your personal information, we will notify you by email or by prominent notice on our website at least 14 days before the change takes effect. Continued use of coffeeandblenders.co.za after the effective date constitutes acceptance of the revised policy.
Effective date: 1 April 2026 | Version: 2.0 | Jurisdiction: Republic of South Africa
Questions About Your Privacy?
Email sales@coffeeandblenders.co.za with “POPIA Request” in the subject line โ we respond within 3 business days.